Mycomplianceoffice Mco

8 CVEs affecting Mycomplianceoffice Mco. Latest disclosed: 2026-07-01. Critical: 0, High: 0.

Top CVEs affecting Mycomplianceoffice Mco
CVESeverityScorePublishedSummary
CVE-2026-539092026-07-01MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An auth…
CVE-2026-539082026-07-01MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid u…
CVE-2026-539072026-07-01MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application lo…
CVE-2026-539062026-07-01MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename p…
CVE-2026-539052026-07-01MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated…
CVE-2026-539042026-07-01MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previous…
CVE-2026-539032026-07-01MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint…
CVE-2026-539022026-07-01MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can mo…